Lines Matching refs:ret
199 int ret = HX509_CERT_NOT_FOUND;
214 ret = hx509_query_match_eku(q, cf[i].oid);
215 if (ret) {
216 pk_copy_error(context, context->hx509ctx, ret,
218 return ret;
221 ret = hx509_certs_find(context->hx509ctx, id->certs, q, cert);
222 if (ret == 0)
224 pk_copy_error(context, context->hx509ctx, ret,
227 return ret;
239 int ret, flags = 0;
244 ret = hx509_cms_create_signed_1(context->hx509ctx,
255 if (ret) {
256 pk_copy_error(context, context->hx509ctx, ret,
258 return ret;
271 int ret;
278 ret = hx509_cert_get_subject(c, &subject);
279 if (ret)
280 return ret;
291 ret = hx509_name_binary(subject, id.subjectName);
292 if (ret) {
295 return ret;
314 ret = hx509_cert_get_issuer(c, &issuer);
315 if (ret) {
317 return ret;
320 ret = hx509_name_to_Name(issuer, &iasn.issuer);
322 if (ret) {
324 return ret;
327 ret = hx509_cert_get_serialnumber(c, &iasn.serialNumber);
328 if (ret) {
331 return ret;
337 &iasn, &size, ret);
339 if (ret)
340 return ret;
377 krb5_error_code ret;
391 ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret);
392 if (ret)
393 return ret;
397 ret = krb5_create_checksum(context,
405 if (ret)
406 return ret;
415 ret = krb5_data_copy(a->pkAuthenticator.paChecksum,
418 if (ret)
419 return ret;
442 ret = _krb5_parse_moduli(context, moduli_file, &ctx->m);
443 if (ret)
444 return ret;
453 ret = select_dh_group(context, ctx->u.dh, dh_min_bits, ctx->m);
454 if (ret)
455 return ret;
470 ret = krb5_data_alloc(a->clientDHNonce, 40);
473 return ret;
476 ret = krb5_copy_data(context, a->clientDHNonce,
478 if (ret)
479 return ret;
492 ret = der_copy_oid(&asn1_oid_id_dhpublicnumber,
494 if (ret)
495 return ret;
500 ret = BN_to_integer(context, p, &dp.p);
501 if (ret) {
503 return ret;
505 ret = BN_to_integer(context, g, &dp.g);
506 if (ret) {
508 return ret;
510 ret = BN_to_integer(context, q, &dp.q);
511 if (ret) {
513 return ret;
522 return ret;
528 &dp, &size, ret);
530 if (ret)
531 return ret;
536 ret = BN_to_integer(context, pub_key, &dh_pub_key);
537 if (ret)
538 return ret;
541 &dh_pub_key, &size, ret);
543 if (ret)
544 return ret;
556 ret = der_copy_oid(&asn1_oid_id_ec_group_secp256r1,
558 if (ret)
559 return ret;
566 ASN1_MALLOC_ENCODE(ECParameters, p, xlen, &ecp, &size, ret);
568 if (ret)
569 return ret;
578 ret = der_copy_oid(&asn1_oid_id_ecPublicKey,
580 if (ret)
581 return ret;
587 ret = EC_KEY_generate_key(ctx->u.eckey);
588 if (ret != 1)
622 ret = hx509_crypto_available(context->hx509ctx, HX509_SELECT_ALL,
626 if (ret)
627 return ret;
630 return ret;
639 krb5_error_code ret;
641 ret = der_copy_oid(oid, &content_info->contentType);
642 if (ret)
643 return ret;
663 krb5_error_code ret;
681 ret = copy_PrincipalName(req_body->sname, &ap.pkAuthenticator.kdcName);
682 if (ret) {
687 ret = copy_Realm(&req_body->realm, &ap.pkAuthenticator.kdcRealm);
688 if (ret) {
700 &ap, &size, ret);
702 if (ret) {
703 krb5_set_error_message(context, ret,
705 (int)ret);
717 ret = build_auth_pack(context, nonce, ctx, req_body, &ap);
718 if (ret) {
723 ASN1_MALLOC_ENCODE(AuthPack, buf.data, buf.length, &ap, &size, ret);
725 if (ret) {
726 krb5_set_error_message(context, ret,
728 (int)ret);
738 ret = create_signature(context, oid, &buf, ctx->id,
741 if (ret)
744 ret = hx509_cms_wrap_ContentInfo(&asn1_oid_id_pkcs7_signedData, &sd_buf, &buf);
746 if (ret) {
747 krb5_set_error_message(context, ret,
762 &winreq, &size, ret);
777 ret = ENOMEM;
778 krb5_set_error_message(context, ret,
783 ret = build_edi(context, context->hx509ctx,
785 if (ret) {
786 krb5_set_error_message(context, ret,
796 &req, &size, ret);
802 if (ret) {
803 krb5_set_error_message(context, ret, "PA-PK-AS-REQ %d", (int)ret);
809 ret = krb5_padata_add(context, md, pa_type, buf.data, buf.length);
810 if (ret)
813 if (ret == 0)
819 return ret;
909 int ret, flags = 0;
920 ret = hx509_cms_verify_signed(context->hx509ctx,
930 if (ret) {
931 pk_copy_error(context, context->hx509ctx, ret,
933 return ret;
939 ret = ENOMEM;
943 ret = hx509_get_one_cert(context->hx509ctx, signer_certs, &(*signer)->cert);
944 if (ret) {
945 pk_copy_error(context, context->hx509ctx, ret,
952 if (ret) {
960 return ret;
970 krb5_error_code ret;
973 ret = decode_ReplyKeyPack_Win2k(content->data,
977 if (ret) {
978 krb5_set_error_message(context, ret,
981 return ret;
985 krb5_set_error_message(context, ret,
999 ret = copy_EncryptionKey(&key_pack.replyKey, *key);
1001 if (ret) {
1002 krb5_set_error_message(context, ret,
1008 return ret;
1018 krb5_error_code ret;
1021 ret = decode_ReplyKeyPack(content->data,
1025 if (ret) {
1026 krb5_set_error_message(context, ret,
1029 return ret;
1040 ret = krb5_crypto_init(context, &key_pack.replyKey, 0, &crypto);
1041 if (ret) {
1043 return ret;
1046 ret = krb5_verify_checksum(context, crypto, 6,
1050 if (ret) {
1052 return ret;
1064 ret = copy_EncryptionKey(&key_pack.replyKey, *key);
1066 if (ret) {
1067 krb5_set_error_message(context, ret,
1073 return ret;
1084 krb5_error_code ret = 0;
1087 ret = hx509_cert_check_eku(context->hx509ctx, host->cert,
1089 if (ret) {
1090 krb5_set_error_message(context, ret,
1092 return ret;
1099 ret = hx509_cert_find_subjectAltName_otherName(context->hx509ctx,
1103 if (ret) {
1104 krb5_set_error_message(context, ret,
1109 return ret;
1115 ret = decode_KRB5PrincipalName(list.val[i].data,
1119 if (ret) {
1120 krb5_set_error_message(context, ret,
1133 ret = KRB5_KDC_ERR_INVALID_CERTIFICATE;
1134 krb5_set_error_message(context, ret,
1140 if (ret)
1145 if (ret)
1146 return ret;
1149 ret = hx509_verify_hostname(context->hx509ctx, host->cert,
1155 if (ret)
1156 krb5_set_error_message(context, ret,
1160 return ret;
1177 krb5_error_code ret;
1192 ret = hx509_cms_unenvelope(context->hx509ctx,
1201 if (ret) {
1202 pk_copy_error(context, context->hx509ctx, ret,
1204 return ret;
1213 ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL);
1214 if (ret) {
1222 ret = der_put_length_and_tag (ptr + ph - 1, ph, content.length,
1224 if (ret)
1225 return ret;
1230 ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL);
1231 if (ret)
1235 ret = EINVAL; /* XXX */
1236 krb5_set_error_message(context, ret,
1244 ret = krb5_data_copy(&content, out.data, out.length);
1246 if (ret) {
1247 krb5_set_error_message(context, ret,
1253 ret = pk_verify_sign(context,
1260 if (ret)
1264 ret = pk_verify_host(context, realm, hi, ctx, host);
1265 if (ret) {
1272 ret = KRB5KRB_AP_ERR_MSG_TYPE;
1273 krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid");
1278 ret = KRB5KRB_AP_ERR_MSG_TYPE;
1279 krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid");
1287 ret = get_reply_key(context, &content, req_buffer, key);
1288 if (ret != 0 && ctx->require_binding == 0)
1289 ret = get_reply_key_win(context, &content, nonce, key);
1292 ret = get_reply_key(context, &content, req_buffer, key);
1295 if (ret)
1306 return ret;
1330 krb5_error_code ret;
1343 ret = pk_verify_sign(context,
1350 if (ret)
1354 ret = pk_verify_host(context, realm, hi, ctx, host);
1355 if (ret)
1359 ret = KRB5KRB_AP_ERR_MSG_TYPE;
1360 krb5_set_error_message(context, ret,
1365 ret = decode_KDCDHKeyInfo(content.data,
1370 if (ret) {
1371 krb5_set_error_message(context, ret,
1378 ret = KRB5KRB_AP_ERR_MODIFIED;
1379 krb5_set_error_message(context, ret,
1386 ret = KRB5KRB_ERR_GENERIC;
1387 krb5_set_error_message(context, ret,
1393 ret = KRB5KRB_ERR_GENERIC;
1394 krb5_set_error_message(context, ret,
1401 ret = KRB5KRB_ERR_GENERIC;
1402 krb5_set_error_message(context, ret,
1416 ret = decode_DHPublicKey(p, size, &k, NULL);
1417 if (ret) {
1418 krb5_set_error_message(context, ret,
1427 ret = ENOMEM;
1436 ret = ENOMEM;
1437 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
1443 ret = KRB5KRB_ERR_GENERIC;
1445 krb5_set_error_message(context, ret,
1464 ret = ENOMEM;
1469 ret = ENOMEM;
1475 ret = KRB5KRB_ERR_GENERIC;
1476 krb5_set_error_message(context, ret,
1485 ret = ENOMEM;
1486 krb5_set_error_message(context, ret,
1494 ret = KRB5KRB_ERR_GENERIC;
1496 krb5_set_error_message(context, ret,
1501 ret = EINVAL;
1506 ret = EINVAL;
1507 krb5_set_error_message(context, ret,
1515 ret = ENOMEM;
1516 krb5_set_error_message(context, ret,
1521 ret = _krb5_pk_octetstring2key(context,
1526 if (ret) {
1527 krb5_set_error_message(context, ret,
1548 return ret;
1563 krb5_error_code ret;
1578 ret = decode_PA_PK_AS_REP(pa->padata_value.data,
1582 if (ret) {
1583 krb5_set_error_message(context, ret,
1585 return ret;
1604 ret = decode_PA_PK_AS_REP_BTMM(pa->padata_value.data,
1608 if (ret) {
1617 ret = EINVAL;
1618 krb5_set_error_message(context, ret,
1620 return ret;
1637 ret = hx509_cms_unwrap_ContentInfo(&os, &oid, &data, NULL);
1638 if (ret) {
1640 krb5_set_error_message(context, ret,
1642 return ret;
1647 ret = pk_rd_pa_reply_dh(context, &data, &oid, realm, ctx, etype, hi,
1653 ret = pk_rd_pa_reply_enckey(context, PKINIT_27, &data, &oid, realm,
1678 ret = decode_PA_PK_AS_REP_Win2k(pa->padata_value.data,
1682 if (ret) {
1683 krb5_set_error_message(context, ret,
1685 "pkinit reply %d", ""), (int)ret);
1686 return ret;
1696 ret = hx509_cms_unwrap_ContentInfo(&w2krep.u.encKeyPack,
1699 if (ret) {
1700 krb5_set_error_message(context, ret,
1702 return ret;
1705 ret = pk_rd_pa_reply_enckey(context, PKINIT_WIN2K, &data, &oid, realm,
1714 ret = EINVAL;
1715 krb5_set_error_message(context, ret,
1722 ret = EINVAL;
1723 krb5_set_error_message(context, ret,
1727 return ret;
1739 krb5_error_code ret;
1762 ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt);
1763 if (ret) {
1778 int ret;
1790 ret = hx509_query_alloc(context->hx509ctx, &q);
1791 if (ret) {
1792 pk_copy_error(context, context->hx509ctx, ret,
1794 return ret;
1804 ret = find_cert(context, ctx->id, q, &ctx->id->cert);
1807 if (ret == 0 && _krb5_have_debug(context, 2)) {
1812 ret = hx509_cert_get_subject(ctx->id->cert, &name);
1813 if (ret)
1816 ret = hx509_name_to_string(name, &str);
1818 if (ret)
1821 ret = hx509_cert_get_serialnumber(ctx->id->cert, &i);
1822 if (ret) {
1827 ret = der_print_hex_heim_integer(&i, &sn);
1829 if (ret) {
1840 return ret;
1856 int ret;
1878 ret = hx509_lock_init(context->hx509ctx, &lock);
1879 if (ret) {
1880 pk_copy_error(context, context->hx509ctx, ret, "Failed init lock");
1892 ret = hx509_lock_set_prompter(lock, hx_pass_prompter, &p);
1893 if (ret) {
1899 ret = hx509_certs_init(context->hx509ctx, user_id, 0, lock, &id->certs);
1901 if (ret) {
1902 pk_copy_error(context, context->hx509ctx, ret,
1910 ret = hx509_certs_init(context->hx509ctx, anchor_id, 0, NULL, &id->anchors);
1911 if (ret) {
1912 pk_copy_error(context, context->hx509ctx, ret,
1917 ret = hx509_certs_init(context->hx509ctx, "MEMORY:pkinit-cert-chain",
1919 if (ret) {
1920 pk_copy_error(context, context->hx509ctx, ret,
1926 ret = hx509_certs_append(context->hx509ctx, id->certpool,
1928 if (ret) {
1929 pk_copy_error(context, context->hx509ctx, ret,
1938 ret = hx509_revoke_init(context->hx509ctx, &id->revokectx);
1939 if (ret) {
1940 pk_copy_error(context, context->hx509ctx, ret,
1946 ret = hx509_revoke_add_crl(context->hx509ctx,
1949 if (ret) {
1950 pk_copy_error(context, context->hx509ctx, ret,
1959 ret = hx509_verify_init_ctx(context->hx509ctx, &id->verify_ctx);
1960 if (ret) {
1961 pk_copy_error(context, context->hx509ctx, ret,
1970 if (ret) {
1980 return ret;
1996 int ret;
1999 ret = vasprintf(&f, fmt, va);
2001 if (ret == -1 || f == NULL) {
2021 int ret;
2030 ret = der_parse_hex_heim_integer(p1, integer);
2031 if (ret) {
2032 krb5_set_error_message(context, ret,
2036 return ret;
2051 int ret;
2068 ret = EINVAL;
2072 krb5_set_error_message(context, ret,
2079 ret = ENOMEM;
2080 krb5_set_error_message(context, ret, N_("malloc: out of memeory", ""));
2086 krb5_set_error_message(context, ret,
2094 krb5_set_error_message(context, ret,
2100 ret = parse_integer(context, &p, file, lineno, "p", &m1->p);
2101 if (ret)
2103 ret = parse_integer(context, &p, file, lineno, "g", &m1->g);
2104 if (ret)
2106 ret = parse_integer(context, &p, file, lineno, "q", &m1->q);
2107 if (ret)
2119 return ret;
2195 krb5_error_code ret;
2211 ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[0]);
2212 if (ret) {
2214 return ret;
2219 ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[1]);
2220 if (ret) {
2222 return ret;
2268 ret = _krb5_parse_moduli_line(context, file, lineno, buf, &element);
2269 if (ret) {
2271 return ret;
2379 krb5_error_code ret;
2423 ret = _krb5_pk_load_id(context,
2432 if (ret) {
2435 return ret;
2458 ret = hx509_cert_get_SPKI_AlgorithmIdentifier(hx509ctx, cert, &alg);
2459 if (ret == 0) {
2517 int ret;
2521 ret = hx509_cert_find_subjectAltName_otherName(context,
2525 if (ret)
2529 ret = decode_MS_UPN_SAN(list.val[0].data, list.val[0].length,
2532 ret = 1;
2535 return ret;
2542 int ret;
2544 ret = get_ms_san(context, cert, &upn);
2545 if (ret == 0)
2547 return ret;
2566 krb5_error_code ret;
2581 ret = hx509_certs_init(context->hx509ctx, user_id, 0, NULL, &certs);
2582 if (ret) {
2583 pk_copy_error(context, context->hx509ctx, ret,
2588 ret = hx509_query_alloc(context->hx509ctx, &q);
2589 if (ret) {
2590 krb5_set_error_message(context, ret, "out of memory");
2600 ret = hx509_certs_filter(context->hx509ctx, certs, q, &result);
2603 if (ret) {
2604 pk_copy_error(context, context->hx509ctx, ret,
2606 return ret;
2609 ret = hx509_get_one_cert(context->hx509ctx, result, &cert);
2611 if (ret) {
2612 pk_copy_error(context, context->hx509ctx, ret,
2617 ret = get_ms_san(context->hx509ctx, cert, &name);
2618 if (ret) {
2619 pk_copy_error(context, context->hx509ctx, ret,
2624 ret = krb5_make_principal(context, principal, realm, name, NULL);
2626 if (ret)
2632 ret = hx509_certs_init(context->hx509ctx, "MEMORY:", 0, NULL, res);
2633 if (ret)
2636 ret = hx509_certs_add(context->hx509ctx, *res, cert);
2637 if (ret) {
2646 return ret;